Presentation is loading. Please wait.

Presentation is loading. Please wait.

NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity.

Published byJameson Flury Modified over 8 years ago

Similar presentations

Presentation on theme: "NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity."— Presentation transcript:

1 NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity Framework Overview Executive Order 13636 “Improving Critical Infrastructure Cybersecurity” January 22, 2014 Brian Hubbard Account Manager brian.hubbard@g2-inc.com (301) 575-5106

2 Executive Order 13636—Improving Critical Infrastructure Cybersecurity “It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties” NIST is directed to work with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure 2

3 The Cybersecurity Framework For the Cybersecurity Framework to meet the requirements of the Executive Order, it must: include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks. provide a prioritized, flexible, repeatable, performance- based, and cost-effective approach to help owners and operators of critical infrastructure identify, assess, and manage cyber risk. identify areas for improvement 3

4 4 Development of the Preliminary Framework Engage the Framework Stakeholders Collect, Categorize, and Post RFI Responses Analyze RFI Responses Identify Framework Elements Prepare and Publish Preliminary Framework EO 13636 Issued – February 12, 2013 NIST Issues RFI – February 26, 2013 1 st Framework Workshop – April 03, 2013 Completed – April 08, 2013 Identify Common Practices/Themes – May 15, 2013 2 nd Framework Workshop at CMU – May 29-31, 2013 Draft Outline of Preliminary Framework – June 2013 3 rd Framework Workshop at UCSD – July 10-12, 2013 4 th Framework Workshop at UT Dallas – September 11-13, 2013 Publish Preliminary Framework – October 29, 2013 Ongoing Engagement: Open public comment and review encouraged and promoted throughout the process

5 Getting from the Preliminary Framework to the Final Framework and Beyond 5 Framework Governance Additional Ongoing Public Engagement Public Comment Period Final Cybersecurity Framework Prepare and Publish Preliminary Framework Publish Preliminary Framework – October 29, 2013 Begin 45 day Public Comment Period Stakeholder outreach discussion continue 5 th Framework Workshop at NCSU – Nov 14-15, 2013 Public comment period closed – December 13, 2013 Complete comment resolution and disposition Publish Cybersecurity Framework – February 2014 Framework maintenance and updates Ongoing Engagement: Open public comment and review encouraged and promoted throughout the process

6 Framework Components Framework Core ○ Cybersecurity activities and references that are common across critical infrastructure sectors organized around particular outcomes. Framework Profile Alignment of standards, guidelines and practices to the Framework Core in a particular implementation scenario “Current” Profile vs. “Target” Profile Framework Implementation Tiers Capture how an organization views cybersecurity risk and the processes in place to manage that risk 6

7 Framework Core 7

8 The five Framework Core Functions provide the highest level of structure:  Identify – Develop the institutional understanding to manage cybersecurity risk to systems, assets, data, and capabilities  Protect – Develop and implement the appropriate safeguards, prioritized through the organization’s risk management process, to ensure delivery of critical infrastructure services  Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.  Respond – Develop and implement the appropriate activities, prioritized through the organization’s risk management process (including effective planning), to take action regarding a detected cybersecurity event.  Recover - Develop and implement the appropriate activities, prioritized through the organization’s risk management process, to restore the appropriate capabilities that were impaired due to a cybersecurity event. 8 Framework Functions

9 Framework Categories Categories are the subdivisions of a Function into groups of cybersecurity activities, more closely tied to programmatic needs 9

10 Subcategories - subdivide a Category into specific outcomes of technical and/or management activiites Informative References are specific sections of standards, guidelines and practices common among critical infrastructure sectors that illustrate a method to achieve the outcomes associated with each Subcategory. The Informative References presented in the Framework Core are not exhaustive, and organizations are free to implement other standards, guidelines, and practices. 10 Subcategories and Informative References

11 11 Framework Core - Sample

12  Enables organizations to establish a roadmap to reducing cybersecurity risk  Used to describe current state and desired target state  Comparison of profiles reveals gaps that may be addressed to meet cybersecurity risk management objectives 12 Framework Profiles

13 Framework Implementation Tiers  The Framework Implementation Tiers (“Tiers”) are a lens through which to view the characteristics of the organization’s approach to risk  Tiers range from Partial (Tier 1) to Adaptive (Tier 4)  Tier selection process considers an organization’s current risk management practices threat environment legal and regulatory requirements business/mission objectives organizational constraints 13

14 An organization’s risks, policies, and procedures will ultimately drive its Framework adoption Framework Use Cases: Basic Review of Cybersecurity Practices Establish or Improve a Cybersecurity Program Communicating Cybersecurity Requirements with Stakeholders Identifying Opportunities for New or Revised Informative References Framework Provides a Methodology to Protect Privacy and Civil Liberties 14 How to Use the Framework

15 Thank You The Cybersecurity Framework is available at http://www.nist.gov/itl/cyberframework.cfm http://www.nist.gov/itl/cyberframework.cfm Brian Hubbard G2 Inc. Brian.hubbard@g2-inc.com (301) 575-5106 15

Download ppt "NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity."

Similar presentations

Minnesota Port and Waterway Security Working Group Meeting April 12, 2012.

Minnesota Port and Waterway Security Working Group Meeting April 12, 2012.
Framework for Improving Critical Infrastructure Cybersecurity NIST Feb 2014.

Framework for Improving Critical Infrastructure Cybersecurity NIST Feb 2014.
Federal Transit Administration Office of Safety and Security FTA BUS SAFETY & SECURITY PROGRAM 18 th NATIONAL CONFERENCE ON RURAL PUBLIC AND INTERCITY.

Federal Transit Administration Office of Safety and Security FTA BUS SAFETY & SECURITY PROGRAM 18 th NATIONAL CONFERENCE ON RURAL PUBLIC AND INTERCITY.
NIST framework vs TENACE Protect Function (Sestriere, 21-23 Gennaio 2015)

NIST framework vs TENACE Protect Function (Sestriere, Gennaio 2015)
The NIST Framework for Cybersecurity

The NIST Framework for Cybersecurity
Cybersecurity Framework October 7, 2014

Cybersecurity Framework October 7, 2014
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”
Enterprise IT Decision Making

Enterprise IT Decision Making
Don Von Dollen Senior Program Manager, Data Integration & Communications Grid Interop December 4, 2012 A Utility Standards and Technology Adoption Framework.

Don Von Dollen Senior Program Manager, Data Integration & Communications Grid Interop December 4, 2012 A Utility Standards and Technology Adoption Framework.
Atlanta Public Schools Project Management Framework Proposed to the Atlanta Board of Education to Complete AdvancED/SACS “Required Actions” January 24,

Atlanta Public Schools Project Management Framework Proposed to the Atlanta Board of Education to Complete AdvancED/SACS “Required Actions” January 24,
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.
NIST Special Publication Revision 1

NIST Special Publication Revision 1
Project Overview, Objectives, Components and Targeted Outcomes

Project Overview, Objectives, Components and Targeted Outcomes
BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT
PUBLIC SECTOR FINANCIAL CONTROL OF THE REPUBLIC OF LITHUANIA By Ms Daina Vaivadienė Chief Specialist of the Internal Audit and Financial Control Methodology.

PUBLIC SECTOR FINANCIAL CONTROL OF THE REPUBLIC OF LITHUANIA By Ms Daina Vaivadienė Chief Specialist of the Internal Audit and Financial Control Methodology.
Workshop on Programming in support of Anti-Corruption Agencies Bratislava, 30 June - 1 July 2009 A methodology for capacity assessment of AC agencies:

Workshop on Programming in support of Anti-Corruption Agencies Bratislava, 30 June - 1 July 2009 A methodology for capacity assessment of AC agencies:
An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0.

An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0.
DRAFT – For Discussion Only HHSC IT Governance Executive Briefing Materials DRAFT April 2013.

DRAFT – For Discussion Only HHSC IT Governance Executive Briefing Materials DRAFT April 2013.
Www.unisdr.org 1 Mid-Term Review of the Hyogo Framework for Action Roadmap to Disaster Risk Reduction in the Americas 2010- 2015 & HFA Mid-Term Review.

1 Mid-Term Review of the Hyogo Framework for Action Roadmap to Disaster Risk Reduction in the Americas & HFA Mid-Term Review.
2015 Safety Action Plan & Regulatory Strategy California Public Utilities Commission January 29, 2015.

2015 Safety Action Plan & Regulatory Strategy California Public Utilities Commission January 29, 2015.

Similar presentations

Ads by Google